org.springframework.security.web.session.SessionManagementFilter Java Examples
The following examples show how to use
org.springframework.security.web.session.SessionManagementFilter.
Example #1
Source File: PlatformSecurityConfiguration.java From abixen-platform with GNU Lesser General Public License v2.1 | 6 votes |
/**
 * Builds the HTTP security rules for this application.
 *
 * <p>HTTP Basic is switched on, a fixed set of paths is opened to unauthenticated callers, and
 * every remaining request must be authenticated. Logout is served at {@code /logout} and
 * redirects to {@code /login?logout}. CSRF protection stays enabled and uses the repository
 * returned by {@code csrfTokenRepository()}.
 *
 * @param http the security builder to configure
 * @throws Exception if any of the underlying configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): Basic credentials travel with every request; assumes TLS is enforced
    // somewhere outside this method. Confirm.
    http.httpBasic();

    // Rules are checked in declaration order, so the permitAll() entries must stay ahead of the
    // anyRequest() catch-all.
    // NOTE(review): "/service/**" and "/test" are open to anonymous callers; verify that whatever
    // sits behind them enforces its own access control or is not reachable in production.
    http.authorizeRequests()
            .antMatchers("/turbine.stream").permitAll()
            .antMatchers("/test").permitAll()
            .antMatchers("/service/**").permitAll()
            .antMatchers("/api/user").permitAll()
            .antMatchers("/api/user-activation/activate/*/").permitAll()
            .anyRequest().authenticated();

    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login?logout");

    // CsrfHeaderFilter is a project class not shown here; presumably it exposes the CSRF token
    // to the client. It is placed after SessionManagementFilter in the chain.
    http.addFilterAfter(new CsrfHeaderFilter(), SessionManagementFilter.class);

    http.csrf().csrfTokenRepository(csrfTokenRepository());
}
Example #2
Source File: WebAuthnLoginConfigurer.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
/**
 * Adds the WebAuthn options endpoint filter to the chain, directly after
 * {@link SessionManagementFilter}.
 *
 * <p>If the application context already defines an {@code OptionsEndpointFilter} bean, that bean
 * is used as-is. Otherwise a new filter is created from {@code optionsProvider} and
 * {@code objectConverter} and bound to {@code processingUrl}.
 *
 * @param http the security builder the filter is registered on
 */
private void configure(H http) {
    ApplicationContext context = http.getSharedObject(ApplicationContext.class);
    boolean beanDefined = context.getBeanNamesForType(OptionsEndpointFilter.class).length != 0;

    OptionsEndpointFilter filter;
    if (beanDefined) {
        // An application-supplied bean wins. Note that processingUrl is NOT applied to it, so the
        // endpoint URL is whatever the bean was configured with.
        filter = context.getBean(OptionsEndpointFilter.class);
    } else {
        filter = new OptionsEndpointFilter(optionsProvider, objectConverter);
        filter.setFilterProcessesUrl(processingUrl);
    }

    http.addFilterAfter(filter, SessionManagementFilter.class);
}
Example #3
Source File: FidoServerConfigurer.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
/**
 * Resolves the server endpoint filter, publishes it as a shared object, and registers it in the
 * chain directly after {@link SessionManagementFilter}.
 *
 * <p>A bean of type {@code filterClass} from the application context takes precedence. When no
 * such bean exists, {@code createInstance()} supplies the filter, and {@code filterProcessingUrl}
 * is applied to it if one was set.
 *
 * @param http the security builder the filter is registered on
 */
void configure(H http) {
    ApplicationContext context = http.getSharedObject(ApplicationContext.class);

    F endpointFilter;
    if (context.getBeanNamesForType(filterClass).length > 0) {
        // Bean from the context is used unchanged; filterProcessingUrl is not applied to it.
        endpointFilter = context.getBean(filterClass);
    } else {
        endpointFilter = createInstance();
        if (filterProcessingUrl != null) {
            endpointFilter.setFilterProcessesUrl(filterProcessingUrl);
        }
    }

    // Share the resolved instance so other configurers working on the same builder can look it up.
    http.setSharedObject(filterClass, endpointFilter);
    http.addFilterAfter(endpointFilter, SessionManagementFilter.class);
}
Example #4
Source File: SessionConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
/**
 * Exposes a {@link SessionManagementFilter} bean built from the supplied collaborators.
 *
 * @param securityContextRepository repository passed to the filter's constructor
 * @param sessionAuthenticationStrategy strategy passed to the filter's constructor
 * @return the newly created filter
 */
@Bean
public SessionManagementFilter sessionManagementFilter(
        SecurityContextRepository securityContextRepository,
        SessionAuthenticationStrategy sessionAuthenticationStrategy) {
    SessionManagementFilter filter =
            new SessionManagementFilter(securityContextRepository, sessionAuthenticationStrategy);
    return filter;
}
Example #5
Source File: SecurityManagedConfiguration.java From hawkbit with Eclipse Public License 1.0 | 4 votes |
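/**
 * Configures the security filter chain for requests whose path matches
 * {@code /rest.*} or {@code /system/admin.*}.
 *
 * <p>The chain is stateless, rejects anonymous access, and has CSRF protection disabled. CORS
 * and the HTTPS requirement are switched on from {@code securityProperties}. Authentication is
 * either OIDC bearer-token based (when {@code oidcBearerTokenAuthenticationFilter} is set) or
 * HTTP Basic combined with {@code userAuthenticationFilter}.
 *
 * <p>The admin-only rule is declared before the {@code anyRequest()} catch-all. Authorization
 * rules are evaluated in declaration order and the first match wins; with the catch-all first,
 * the {@code SYSTEM_ADMIN} requirement on the admin mapping is never consulted (and newer
 * Spring Security versions refuse such a configuration outright).
 *
 * @param http the security builder to configure
 * @throws Exception if any of the underlying configurers fails
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is off for this chain. That is only sound while no
    // browser-ambient credential is accepted here; confirm for the HTTP Basic branch below.
    HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();

    if (securityProperties.getCors().isEnabled()) {
        httpSec = httpSec.cors().and();
    }

    if (securityProperties.isRequireSsl()) {
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    }

    // Most specific rule first: the admin mapping needs SYSTEM_ADMIN, everything else in this
    // chain only needs an authenticated caller.
    httpSec.authorizeRequests()
            .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
            .hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
            .anyRequest().authenticated();

    if (oidcBearerTokenAuthenticationFilter != null) {
        // Only the first client registration is used. Validating tokens against every
        // registered client would widen the attack surface.
        ClientRegistration clientRegistration = null;
        for (final ClientRegistration cr : clientRegistrationRepository) {
            clientRegistration = cr;
            break;
        }

        Assert.notNull(clientRegistration, "There must be a valid client registration");
        httpSec.oauth2ResourceServer().jwt().jwkSetUri(clientRegistration.getProviderDetails().getJwkSetUri());

        oidcBearerTokenAuthenticationFilter.setClientRegistration(clientRegistration);

        httpSec.addFilterAfter(oidcBearerTokenAuthenticationFilter, BearerTokenAuthenticationFilter.class);
    } else {
        final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthEntryPoint.setRealmName(securityProperties.getBasicRealm());

        // Thin delegating wrapper around userAuthenticationFilter, registered ahead of
        // RequestHeaderAuthenticationFilter.
        httpSec.addFilterBefore(new Filter() {
            @Override
            public void init(final FilterConfig filterConfig) throws ServletException {
                userAuthenticationFilter.init(filterConfig);
            }

            @Override
            public void doFilter(final ServletRequest request, final ServletResponse response,
                    final FilterChain chain) throws IOException, ServletException {
                userAuthenticationFilter.doFilter(request, response, chain);
            }

            @Override
            public void destroy() {
                userAuthenticationFilter.destroy();
            }
        }, RequestHeaderAuthenticationFilter.class);
        httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint);
    }

    httpSec.addFilterAfter(
            new AuthenticationSuccessTenantMetadataCreationFilter(systemManagement, systemSecurityContext),
            SessionManagementFilter.class);

    // No anonymous principal and no HTTP session: every request has to carry its own credentials.
    httpSec.anonymous().disable();
    httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}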